Unpatched systems and newly discovered OS vulnerabilities both increased in Q1 2017 in the UK, according to timely new stats from Flexera Software.
The firm’s Secunia Research division’s newly released Country Report for the first three months of the year revealed that 9% of users had unpatched Windows operating systems in the period, up from 7.2% in Q4 2016 and 6.1% in the first quarter of last year.
What’s more, 38% of vulnerabilities originated in operating systems in the UK during the period, up from 35% in Q4 2016 and 22% a year ago.
Flexera gave short shrift to any organizations still not doing the basics and patching promptly, especially as security updates are usually available.
The firm claimed that 81% of the 17,147 bugs recorded in 2016 had a patch available on the day of disclosure.
That was true of the vulnerability exploited by the much-publicized WannaCry/WannaCrypt ransomware attacks over the weekend.
“Frankly, if you wait two months to apply a critical Microsoft patch, you’re doing something wrong,” argued Kasper Lindgaard, senior director of Secunia Research at Flexera Software.
“This time, we even had a warning in April that this could very likely happen, so businesses need to wake up and start taking these types of threats and risks seriously. There is simply no excuse.”
However, the situation is more complex than that, especially in industries like healthcare, where a complex ecosystem of systems and software and the mission criticality of IT have historically made patching and upgrading to new OSes challenging.
Microsoft security staffer Jessica Payne wrote the following in two tweets on the subject:
“'Just patch' doesn't work for industries where vendors lock them into outdated software. Many places forced to have XP/old flash/etc to run.
"IT departments that want to do the right thing are often out voted by the business, and the company forcing these outdated tools onto them.”